20 matches found
CVE-2026-43577
OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...
CVE-2026-43577
OpenClaw is affected by a file-read vulnerability prior to version 2026.4.9. The issue allows an attacker to bypass navigation guards via browser act/evaluate interactions, pivot into the local CDP origin, and create or read disallowed file:// pages despite navigation policy restrictions. Impact ...
CVE-2026-43577 OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes
OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...
CVE-2026-43577 OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes
OpenClaw before 2026.4.9 contains a file read vulnerability allowing attackers to bypass navigation guards through browser act/evaluate interactions. Attackers can pivot into the local CDP origin and create or read disallowed file:// pages despite direct navigation policy restrictions...
GHSA-7GMJ-67G7-PHM9 Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands
Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...
GHSA-QMWG-QPRG-3J38 OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads
Summary Browser interaction routes could pivot into local CDP and regain file reads. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Browser act/evaluate interactions could trigger navigation into the local CDP origin and then create or rea...
OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads
Summary Browser interaction routes could pivot into local CDP and regain file reads. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact Browser act/evaluate interactions could trigger navigation into the local CDP origin and then create or rea...
GHSA-PRMX-7V35-7Q82 a11y-mcp: Server-Side Request Forgery (SSRF) vulnerability in A11yServer function
A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the file src/index.js. The manipulation results in server-side request forgery. The attack must be initiated from a local position. The exploit has been made public and could be use...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Linux Kernel 2.6.x Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/33906/info The Linux kernel is prone to an origin-validation weakness when dealing with signal handling. This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit...
Linux Kernel 2.6.x - Cloned Process CLONE_PARENT Local Origin Validation
Linux Kernel 2.6.x - Cloned Process CLONEPARENT Local Origin Validation / source: https://www.securityfocus.com/bid/33906/info The Linux kernel is prone to an origin-validation weakness when dealing with signal handling. This weakness occurs when a privileged process calls attacker-supplied...
Linux Kernel 2.6.x - Cloned Process 'CLONE_PARENT' Local Origin Validation
/ source: https://www.securityfocus.com/bid/33906/info The Linux kernel is prone to an origin-validation weakness when dealing with signal handling. This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit this to send arbitrary signals t...